WEB APPLICATION PENETRATION TESTING

With intimate knowledge of all the common coding platforms, as well as many of the more obscure ones, epentest is well placed to help assure the security of your systems, however complex.

Our web application testing methodologies are well proven.

epentest testing will identify vulnerabilities that could adversely compromise the confidentiality, integrity and availability of your system and data. Our success is based on our attention to detail, years of experience and focus on your specific needs and technology.

Digital Boundary Group’s testing methodology determines if vulnerabilities exist in an application by testing application workflow, platform and host server. Controlled attacks are performed against reported vulnerabilities and a final report will identify prioritized remediation needs.

Although web applications should ideally be tested before launch, we can conduct a penetration test on live applications as well. The final report will include prioritized recommendations for strengthening your web application.

SERVICES OFFERED INCLUDE

• Authentication and Authorisation mechanisms

• Session security and management

• Cryptographic storage and transmission of data

• Application logic

• Input validation and data sanitisation

• Error trapping and information leakage

OUR APPROACH | METHODOLOGY

At epentest, our web app penetration testing services provide a complete view of the application's security. Testing is conducted against the application with the help of automated scanners and scripts. We use the following approach:

INFORMATION GATHERING

• Finding The Entry Points, Reconnaissance, Analysis Of Error Codes

CONFIGURATION MANAGEMENT TESTING

• HTTP methods and SSL Configuration analysis

• Infrastructure And Server level Vulnerabilities Identification

AUTHENTICATION TESTING

• Enumeration techniques and Brute Forcing

• Access Restrictions testing

DATA VALIDATION TESTING

• Attacking the application

• Exploiting The Compromise Possibility Testing

AUTHORIZATION & ACCESS TESTING

• Path Traversal and User Management Testing

• Access And Document control testing

SESSION MANAGEMENT TESTING

• Session fixation and Session Management Vulnerabilities

RESILIENCE AND OTHER TESTING

• DOS Testing

• DDOS Testing

• Web Firewall Testing

• Web Server Testing

IDENTIFICATION AND CLASSIFICATION

• Performing OWASP Testing

• Analyzing OWASP Testing

REPORTING

• Classification Of Vulnerabilities based on risks & Priority

EXECUTION | HOW IS IT DONE?

WHO NEEDS IT?

Penetration tests are standard requirements for any e-business client, especially banks and financial institutions, to comply with information security regulations, in order to conduct business online. Organizations manage to deliver the confidentiality and integrity that their business demands by making use of the efficiencies of the Internet.

DELIVERABLES | WHAT DO YOU GET?

epentest will provide 2 reports for every scan performed:

• Technical Report - This is a detailed report after completion of the pentest. The report will highlight the weaknesses in the Web Application that affect the availability, reliability and integrity of information assets. It will also provide the solutions for covering each identified risk. This report will contain the following:

1. Categorization of weaknesses based on risk level.

2. Details of security holes discovered.

3. Emergency quick-fix solution for discovered vulnerabilities.

• Manager’s Report - It contains high-level details of the identified vulnerabilities, the operational impact of each vulnerability, and the potential financial impact, along with the criticality of the identified gap. It also gives suggested priorities for the patch work.

WHAT DO WE PROMISE?

epentest employs a wide variety of tools and techniques to carry out penetration testing. Each and every test is carried out by skilled security testers and the results are manually verified before being communicated to you. The end result is that you get a comprehensive and accurate understanding of your security posture and can immediately take mitigating steps to close any identified weakness.